I have created a new trunk group on the FortiSwitch
mc-lag enabled, STP Enable , Edge port
lacp active
port 48,port48
Cisco
LACP mode active
Port channel 13
Cisco switch is running MST spanning tree mode (same as FortiSwitch)
When I try to enable the port-channel I get an STP error on the Cisco side and the Cisco ports go into err-disabled state
Any idea what's going on?
Does anyone have a working configuration of a similar environment?
Hi @blackstark ,
Can you try disabling edge port and MCLAG on the FortiSwitch? I don't think you need them.
Thanks
It's up now. So one side is passive and the Cisco side is active is the recommended approach? I always thought they should match on both sides.
I disabled edge port
For mc-lag - is this required because I am spanning across 2 FSW?
It's not mandatory to match, but it should work with both nodes being active (maybe Cisco doesn't like the Fortinet LACP PDU). Anyway, having one side configured as active does the job fully, since it still puts the problematic port immediately down and does not cause any packet drops. Both nodes set as passive will not work, and having static is prone to packet drops since the other node is not aware if the link is not useful anymore.
Hi @blackstark ,
I think MCLAG is to have 1 logical FSW with 2 physical via an ICL link. I may be missing something..
REF: https://docs.fortinet.com/document/fortiswitch/7.2.5/administration-guide/860027/mclag
Abdel
Hi @blackstark ,
Ah sorry, my bad, I misread it. If you are spanning with 2 FSW you need MCLAG; I thought you said MCLAG to the Cisco switch.
Good to disable edge port because this is the same as portfast, which disables STP
Thanks
Have read somewhere:
On both FortiSwitches you have to change the STP announcement type from both to single.
Set to both to allow both core switches of an MCLAG to transmit STP BPDUs. Set to single to prevent both core switches of an MCLAG from transmitting STP BPDUs.
Log into the switch CLI and put this in...
config switch stp setting
set mclag-stp-bpdu single
end
On the Cisco side it looks like:
*Jan 19 10:35:46.535: %SPANTREE-5-ROOTCHANGE: Root Changed for instance 0: New Root Port is Port-channel12. New Root Mac Address is 8439.1234.567a
*Jan 19 10:35:46.552: %SPANTREE-5-TOPOTRAP: Topology Change Trap for instance 0
*Jan 19 10:37:11.637: %PM-4-ERR_DISABLE: channel-misconfig error detected on Po12, putting Gi1/0/1 in err-disable state
*Jan 19 10:37:11.659: %PM-4-ERR_DISABLE: channel-misconfig error detected on Po12, putting Gi2/0/1 in err-disable state
*Jan 19 10:37:11.706: %PM-4-ERR_DISABLE: channel-misconfig error detected on Po12, putting Po12 in err-disable state
*Jan 19 10:37:12.639: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/1, changed state to down
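
The Cisco log lines quoted in the post above can be checked mechanically. The following is an added example, not part of the original thread: a Python script that groups channel-misconfig err-disable events by port-channel and notes whether a spanning-tree root change through the same bundle preceded them. The function names and the 5-minute correlation window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Cisco-side log lines copied from the post above.
SAMPLE_LOG = """\
*Jan 19 10:35:46.535: %SPANTREE-5-ROOTCHANGE: Root Changed for instance 0: New Root Port is Port-channel12. New Root Mac Address is 8439.1234.567a
*Jan 19 10:35:46.552: %SPANTREE-5-TOPOTRAP: Topology Change Trap for instance 0
*Jan 19 10:37:11.637: %PM-4-ERR_DISABLE: channel-misconfig error detected on Po12, putting Gi1/0/1 in err-disable state
*Jan 19 10:37:11.659: %PM-4-ERR_DISABLE: channel-misconfig error detected on Po12, putting Gi2/0/1 in err-disable state
*Jan 19 10:37:11.706: %PM-4-ERR_DISABLE: channel-misconfig error detected on Po12, putting Po12 in err-disable state
*Jan 19 10:37:12.639: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/1, changed state to down
"""

LINE_RE = re.compile(r"^\*?(\w{3}\s+\d+\s+[\d:.]+): %([A-Z_]+)-\d-([A-Z_]+): (.*)$")
ROOT_RE = re.compile(r"New Root Port is Port-channel(\d+)\.")
ERRDIS_RE = re.compile(r"channel-misconfig error detected on (Po\d+), putting (\S+) in err-disable")

def parse(text):
    """Yield (timestamp, 'FACILITY-MNEMONIC', message) for each syslog line."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            # The log carries no year (a fixed leap year is used) and is
            # assumed to have millisecond timestamps, as in the post.
            ts = datetime.strptime("2000 " + m.group(1), "%Y %b %d %H:%M:%S.%f")
            yield ts, f"{m.group(2)}-{m.group(3)}", m.group(4)

def correlate(text, window=timedelta(minutes=5)):
    """Group channel-misconfig err-disables per port-channel and flag a prior STP root change."""
    root_changes, findings = {}, {}
    for ts, tag, msg in parse(text):
        root = ROOT_RE.search(msg)
        errdis = ERRDIS_RE.search(msg)
        if tag == "SPANTREE-ROOTCHANGE" and root:
            root_changes["Po" + root.group(1)] = ts
        elif tag == "PM-ERR_DISABLE" and errdis:
            po, port = errdis.groups()
            entry = findings.setdefault(
                po, {"first_seen": ts, "members": [], "root_change_before": False})
            if port != po:  # the bundle itself is also reported; list members only
                entry["members"].append(port)
            seen = root_changes.get(po)
            if seen is not None and timedelta(0) <= ts - seen <= window:
                entry["root_change_before"] = True
    return findings

if __name__ == "__main__":
    for po, info in correlate(SAMPLE_LOG).items():
        print(po, info["first_seen"].time(), info["members"], info["root_change_before"])
```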